<?php

require_once 'config.inc';
require_once('_db.inc');
require_once('_ui.inc');
require_once '_bank.inc';

 ui_print_header('Bank - Sign Money Order');


	//verify ID strings
	if (!verify_ID_strings($_POST[IDs], $_POST[unblindedMO])){
		echo "The ID strings is not valid!</br>";
	}else{

		echo "This money order is valid!</br>";
		// Create a database connection
		$conn = db_connect(BANK_DB_USER, BANK_DB_PASSWORD);
		// get the chosen money order to sign
		//echo 'SELECT * FROM mo_blinded where BATCH=' .$_POST['batch']. ' and mo_n=' .$_POST['chosen'];
 		$moneyOrders = db_do_query($conn,'SELECT * FROM mo_blinded where BATCH=' .$_POST['batch']. ' and mo_n=' .$_POST['chosen']);
						
		//sign miney order
		$signed_MO = blind_sign($moneyOrders[0]['BLINDED_MO']);
		//read the money order value
		$MO = mo_string_to_obj($_POST[unblindedMO]);
		//deduct money from customer account
		update_Money('c', $MO['amount'], '-', $conn);
//			$sql = "update accounts set balance=balance-$MO[amount] where  name='Customer-Alice'";
//			$r = db_execute($conn, $sql);
		
		
		echo <<<END
			<form method="post" action="2R_7_CustomerReceiveMO.php">
			<table>
			<tr>
			<td>Money Deduction</td>
			<td>:</td>
			<td>$<input name="amount" type="text" size="50" value="$MO[amount]" READONLY>
			<input name="batch" type="hidden" value="$_POST[batch]">
			<input name="chosen" type="hidden" value="$_POST[chosen]">
			</td>
			</tr>
			<tr>
			<td>Money Order Signature</td>
			<td>:</td>
			<td>
			<input name="signedMO" type="text" value="$signed_MO" size="150" READONLY>
			</td>
			</tr>
			<tr>
			<td>&nbsp;</td>
			<td>&nbsp;</td>
			<td><input type="submit" name="Sign" value="Pass Signed Money Order to Customer"></td>
			</tr>
			</table>
			</form>
END;
		
	oci_close($conn);
	
	}
ui_print_footer(date('Y-m-d H:i:s'));
?>